Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria

More documents

Recommendations

Info

Xerox WorkCentre 5632/5638/5645/5655/5665/5675/5687 Multifunction Systems Security Target 1.3.2.6. Management Data Protection – SSL (TSF_FDP_SSL) The TOE provides support for SSL and allows the TOE to act as either an SSL server, or SSL client, depending on the function the TOE is performing (SSLSec SFP). SSL v3.1 must be enabled before the system administrator can retrieve the audit log. SSL functionality also permits the TOE to be administered from the Web UI. Except for the cryptography used to protect the audit logs (SSL v3.1), the cryptography used for management data protection has been scoped out of the evaluation. 1.3.2.7. User Data Protection – IP Filtering (TSF_FDP_FILTER) The TOE provides the ability for the system administrator to configure a network information flow control policy based on a configurable rule set. The information flow control policy (IPFilter SFP) is generated by the system administrator specifying a series of rules to “accept,” “deny,” or “drop” packets. These rules include a listing of IP addresses that will be allowed to communicate with the TOE. The IP Filter supports the construction of both IPv4 and IPv6 filtering policies. Additionally rules can be generated specifying filtering options based on port number given in the received packet. IP Filtering is not available for IPv6, AppleTalk or IPX; however, the effect of IP Filtering can be accomplished for IPv6 by configuring IPSec associations. Note: The TOE cannot enforce the IP Filtering (TSF_FDP_FILTER) security function when it is configured for IPv6, AppleTalk or IPX networks. 1.3.2.8. Information Flow Security (TSF_FLOW) The TOE controls and restricts the information flow between the PSTN port of the optional FAX processing board (if installed) and the network controller (which covers the information flow to and from the internal network). Data and/or commands cannot be sent to the internal network via the PSTN. A direct connection from the internal network to external entities by using the telephone line of the TOE is also denied. If the optional FAX board is not installed, an information flow from or to the FAX port is not possible at all. 1.3.2.9. Security Management (TSF_FMT) Only authenticated system administrators can enable or disable the Image Overwrite function, enable or disable the On Demand Image Overwrite function, change the system administrator password, and start or cancel an On Demand Image Overwrite operation. 16 Copyright 2009 Xerox Corporation, All rights reserved
Xerox WorkCentre 5632/5638/5645/5655/5665/5675/5687 Multifunction Systems Security Target While IIO or ODIO can be disabled, doing so will remove the TOE from its evaluated configuration. Additionally, only authenticated system administrators can assign authorization privileges to users, establish a recurrence schedule for “On Demand” image overwrite, enable/disable SSL support, create/install X.509 certificates, enable/disable and download the audit log, enable/disable and configure (rules) IP filtering, enable/disable disk encryption, enable/disable use of Common Access Cards or enable/disable and configure IPv6. 1.3.2.10.User Data Protection - AES (TSF_EXP_UDE) The TOE utilizes data encryption (AES) and cryptographic checksum generation and secure hash computation (SHA-1) to support encryption and decryption of designated portions of the hard disk where user files may be stored. Those packages meet the following standards: AES-256- FIPS-197 (CAVP Certificate No. 1471), SHA-1 – FIPS-180-2 (CAVP Certificate No. 1331). 1.3.3. Evaluated Configuration In its evaluated configuration, the Image Overwrite Security Package is installed and IIO, ODIO and SSL (for protection of management data only) are enabled on the TOE. The FAX option, if purchased by the consumer, is installed and enabled. All other configuration parameter values, including the presence of the Network Scanning Accessory, are optional. The LanFax option is included in the evaluated configuration of the TOE. Consumers of the TOE should refer to the Product Security Guidance at http://www.xerox.com/security for more information. 17 Copyright 2009 Xerox Corporation, All rights reserved
Page 1 and 2: Xerox WorkCentre 5632/5638/5645/565
Page 15: Xerox WorkCentre 5632/5638/5645/565
Page 61 and 62: O.AUDITS O.RECOVER O.FAXLINE O.MANA
Page 67 and 68:
Xerox WorkCentre 5632/5638/5645/565
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77:
show all

Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?